Researchers reverse engineered the updated GandCrab ransomware and discovered new features that improve its ability to evade detection and impede analysis by defense teams. The most recent versions use an algorithm called Salsa20 to encrypt files instead of slower and less efficient alternatives such as the Advanced Encryption Standard (AES) and RSA. IBM X-Force recommends a method called last resort containment to help organizations respond when they cant quickly or easily figure out where new ransomware attacks are coming from. Given how quickly this ransomware has become valuable to cybercriminals and the promotion it may be getting on underground forums.”]

